diff --git a/dev/dockerbox.yml b/dev/dockerbox.yml
index 48927c4..651226b 100644
--- a/dev/dockerbox.yml
+++ b/dev/dockerbox.yml
@@ -5,9 +5,11 @@
     - host_vars/dockerbox.yml
   roles:
     - base
+    - proxy
     - docker
+    - mariadb
     - traefik
     - nextcloud
-    - jenkins
-    - prometheus
-    - nginx
+    # - jenkins
+    # - prometheus
+    # - nginx
diff --git a/dev/host_vars/dockerbox.yml b/dev/host_vars/dockerbox.yml
index 95e8545..4efbe68 100644
--- a/dev/host_vars/dockerbox.yml
+++ b/dev/host_vars/dockerbox.yml
@@ -2,29 +2,59 @@
 allow_reboot: false
 manage_network: false
 
+# Import my GPG key for git signature verification
+root_gpgkeys:
+  - name: kris@lamoureux.io
+    id: FBF673CEEC030F8AECA814E73EDA9C3441EDA925
+
+# proxy
+proxy:
+  servers:
+    - domain: cloud.local.krislamo.org
+      proxy_pass: http://127.0.0.1:8000
+
 # docker
+docker_official: true # docker's apt repos
 docker_users:
   - vagrant
 
+docker_compose_env_nolog: false # dev only setting
+docker_compose_deploy:
+  # Traefik
+  - name: traefik
+    url: https://github.com/krislamo/traefik
+    version: e03268af4cf942c47cba66c2112628dbcad1b756
+    path: docker-compose.web.yml
+    enabled: true
+    accept_newhostkey: true
+    trusted_keys:
+      - FBF673CEEC030F8AECA814E73EDA9C3441EDA925
+    env:
+      ENABLE: true
+  # Nextcloud
+  - name: nextcloud
+    url: https://git.krislamo.org/kris/nextcloud
+    version: f1e143f1d5be2ffb6fa77792a80810f8a6c4ffb1
+    env:
+      DATA: ./data
+
 # traefik
-traefik_version: latest
-traefik_dashboard: true
-traefik_domain: traefik.local.krislamo.org
-traefik_auth: admin:$apr1$T1l.BCFz$Jyg8msXYEAUi3LLH39I9d1 # admin:admin
-traefik_web_entry: 0.0.0.0:80
-traefik_websecure_entry: 0.0.0.0:443
-#traefik_acme_email: realemail@example.com # Let's Encrypt settings
-#traefik_production: true
-#traefik_http_only: true # if behind reverse-proxy
+traefik:
+  ENABLE: true
 
 # nextcloud
-nextcloud_version: stable
-nextcloud_admin: admin
-nextcloud_pass: password
-nextcloud_domain: cloud.local.krislamo.org
+nextcloud:
+  DB_PASSWD: password
+  ADMIN_PASSWD: password
 
-nextcloud_dbversion: latest
-nextcloud_dbpass: password
+# nextcloud
+#nextcloud_version: stable
+#nextcloud_admin: admin
+#nextcloud_pass: password
+#nextcloud_domain: cloud.local.krislamo.org
+
+#nextcloud_dbversion: latest
+#nextcloud_dbpass: password
 
 # jenkins
 jenkins_version: lts
diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml
index c4ae79f..57aff68 100644
--- a/roles/nextcloud/defaults/main.yml
+++ b/roles/nextcloud/defaults/main.yml
@@ -1,11 +1 @@
-# container names
-nextcloud_container: nextcloud
-nextcloud_dbcontainer: "{{ nextcloud_container }}-db"
-
-# database settings
-nextcloud_dbname: "{{ nextcloud_container }}"
-nextcloud_dbuser: "{{ nextcloud_dbname }}"
-
-# host mounts
-nextcloud_root: "/opt/{{ nextcloud_container }}/public_html"
-nextcloud_dbroot: "/opt/{{ nextcloud_container }}/database"
+nextcloud_name: nextcloud
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
index 0a04202..83ad231 100644
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@@ -1,88 +1,59 @@
-- name: Create Nextcloud network
-  community.general.docker_network:
-    name: "{{ nextcloud_container }}"
+- name: Install MySQL module for Ansible
+  ansible.builtin.apt:
+    name: python3-pymysql
+    state: present
 
-- name: Start Nextcloud's database container
-  community.general.docker_container:
-    name: "{{ nextcloud_dbcontainer }}"
-    image: mariadb:{{ nextcloud_dbversion }}
+- name: Create Nextcloud database
+  community.mysql.mysql_db:
+    name: "{{ nextcloud.DB_NAME | default('nextcloud') }}"
+    state: present
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+
+- name: Create Nextcloud database user
+  community.mysql.mysql_user:
+    name: "{{ nextcloud.DB_USER | default('nextcloud') }}"
+    password: "{{ nextcloud.DB_PASSWD }}"
+    host: '%'
+    state: present
+    priv: "{{ nextcloud.DB_NAME | default('nextcloud') }}.*:ALL"
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+
+- name: Start Nextcloud service and enable on boot
+  ansible.builtin.service:
+    name: "{{ docker_compose_service }}@{{ nextcloud_name }}"
     state: started
-    restart_policy: always
-    volumes: "{{ nextcloud_dbroot }}:/var/lib/mysql"
-    networks_cli_compatible: true
-    networks:
-      - name: "{{ nextcloud_container }}"
-    env:
-      MYSQL_RANDOM_ROOT_PASSWORD: "true"
-      MYSQL_DATABASE: "{{ nextcloud_dbname }}"
-      MYSQL_USER: "{{ nextcloud_dbuser }}"
-      MYSQL_PASSWORD: "{{ nextcloud_dbpass }}"
-
-- name: Start Nextcloud container
-  community.general.docker_container:
-    name: "{{ nextcloud_container }}"
-    image: nextcloud:{{ nextcloud_version }}
-    state: started
-    restart_policy: always
-    volumes: "{{ nextcloud_root }}:/var/www/html"
-    networks_cli_compatible: true
-    networks:
-      - name: "{{ nextcloud_container }}"
-      - name: traefik
-    env:
-      PHP_MEMORY_LIMIT: 1024M
-    labels:
-      traefik.http.routers.nextcloud.rule: "Host(`{{ nextcloud_domain }}`)"
-      traefik.http.routers.nextcloud.entrypoints: websecure
-      traefik.http.routers.nextcloud.tls.certresolver: letsencrypt
-      traefik.http.routers.nextcloud.middlewares: "securehttps@file,nextcloud-webdav"
-      traefik.http.middlewares.nextcloud-webdav.redirectregex.regex: "https://(.*)/.well-known/(card|cal)dav"
-      traefik.http.middlewares.nextcloud-webdav.redirectregex.replacement: "https://${1}/remote.php/dav/"
-      traefik.http.middlewares.nextcloud-webdav.redirectregex.permanent: "true"
-      traefik.docker.network: traefik
-      traefik.enable: "true"
-
-- name: Grab Nextcloud database container information
-  community.general.docker_container_info:
-    name: "{{ nextcloud_dbcontainer }}"
-  register: nextcloud_dbinfo
+    enabled: true
+  when: nextcloud.ENABLE | default('false')
 
 - name: Grab Nextcloud container information
   community.general.docker_container_info:
-    name: "{{ nextcloud_container }}"
+    name: "{{ nextcloud_name }}"
   register: nextcloud_info
 
 - name: Wait for Nextcloud to become available
   ansible.builtin.wait_for:
     host: "{{ nextcloud_info.container.NetworkSettings.Networks.traefik.IPAddress }}"
+    delay: 10
     port: 80
 
 - name: Check Nextcloud status
-  ansible.builtin.command: "docker exec --user www-data {{ nextcloud_container }}
+  ansible.builtin.command: "docker exec --user www-data {{ nextcloud_name }}
             php occ status"
   register: nextcloud_status
-  args:
-    removes: "{{ nextcloud_root }}/config/CAN_INSTALL"
-
-- name: Wait for Nextcloud database to become available
-  ansible.builtin.wait_for:
-    host: "{{ nextcloud_dbinfo.container.NetworkSettings.Networks.nextcloud.IPAddress }}"
-    port: 3306
+  changed_when: false
 
 - name: Install Nextcloud
-  ansible.builtin.command: 'docker exec --user www-data {{ nextcloud_container }}
+  ansible.builtin.command: 'docker exec --user www-data {{ nextcloud_name }}
             php occ maintenance:install
               --database "mysql"
-              --database-host "{{ nextcloud_dbcontainer }}"
-              --database-name "{{ nextcloud_dbname }}"
-              --database-user "{{ nextcloud_dbuser }}"
-              --database-pass "{{ nextcloud_dbpass }}"
-              --admin-user "{{ nextcloud_admin }}"
-              --admin-pass "{{ nextcloud_pass }}"'
+              --database-host "{{ nextcloud.DB_HOST | default(''host.docker.internal'') }}"
+              --database-name "{{ nextcloud.DB_NAME | default(''nextcloud'') }}"
+              --database-user "{{ nextcloud.DB_USER | default(''nextcloud'') }}"
+              --database-pass "{{ nextcloud.DB_PASSWD }}"
+              --admin-user "{{ nextcloud.ADMIN_USER | default(''admin'') }}"
+              --admin-pass "{{ nextcloud.ADMIN_PASSWD }}"'
   register: nextcloud_install
-  when:
-    - nextcloud_status.stdout[:26] == "Nextcloud is not installed"
-    - nextcloud_domain is defined
+  when: nextcloud_status.stderr[:26] == "Nextcloud is not installed"
 
 - name: Set Nextcloud's Trusted Proxy
   ansible.builtin.command: 'docker exec --user www-data {{ nextcloud_container }}
diff --git a/roles/traefik/tasks/main.yml b/roles/traefik/tasks/main.yml
index 32b0904..cbf6e40 100644
--- a/roles/traefik/tasks/main.yml
+++ b/roles/traefik/tasks/main.yml
@@ -21,20 +21,6 @@
   loop: "{{ traefik_external }}"
   when: traefik_external is defined
 
-- name: Install Traefik's docker-compose file
-  ansible.builtin.template:
-    src: docker-compose.yml.j2
-    dest: "{{ traefik_root }}/docker-compose.yml"
-    mode: 0400
-  notify: restart_traefik
-
-- name: Install Traefik's docker-compose variables
-  ansible.builtin.template:
-    src: compose-env.j2
-    dest: "{{ traefik_root }}/.env"
-    mode: 0400
-  notify: restart_traefik
-
 - name: Install static Traefik configuration
   ansible.builtin.template:
     src: traefik.yml.j2
@@ -42,8 +28,9 @@
     mode: 0400
   notify: restart_traefik
 
-- name: Start and enable Traefik service
+- name: Start Traefik service and enable on boot
   ansible.builtin.service:
     name: "{{ docker_compose_service }}@{{ traefik_name }}"
     state: started
     enabled: true
+  when: traefik.ENABLED | default('false')